Security firm FireEye is responsible for the latest finding, noting that this zero-day exploit has been successfully executed against Java 1.6 update 41 and the most recent 1.7 update 15. It takes advantage of a vulnerability that might allow someone to overwrite data that Java has stored in RAM, such as the area that tells it whether or not the security manager is enabled. While success is hit or miss, if it does land, an HTTP GET request will be issued that downloads the McRAT malware, which could be used to download additional malware.

FireEye recommends disabling Java until a patch has been released, or at least setting its security level to "High". We'd recommend considering getting rid of it entirely, because with the number of vulnerabilities coming to light all the time, things are just getting ridiculous. If you do have Java installed, it might be worth asking yourself what you're using it for. In talking to friends, I've discovered that it's not uncommon for people to have Java installed for something they needed once, and then to have just never bothered to uninstall it.